US9432086B2 - Method and system for authorizing execution of an application in an NFC device - Google Patents
Method and system for authorizing execution of an application in an NFC device Download PDFInfo
- Publication number
- US9432086B2 US9432086B2 US14/369,550 US201214369550A US9432086B2 US 9432086 B2 US9432086 B2 US 9432086B2 US 201214369550 A US201214369550 A US 201214369550A US 9432086 B2 US9432086 B2 US 9432086B2
- Authority
- US
- United States
- Prior art keywords
- identifier
- application
- nfc device
- secure processor
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 26
- 238000004891 communication Methods 0.000 claims description 20
- 238000004364 calculation method Methods 0.000 claims description 19
- 238000009434 installation Methods 0.000 claims description 16
- 101100240096 Arabidopsis thaliana NAP1 gene Proteins 0.000 description 31
- ZIUHHBKFKCYYJD-UHFFFAOYSA-N n,n'-methylenebisacrylamide Chemical compound C=CC(=O)NCNC(=O)C=C ZIUHHBKFKCYYJD-UHFFFAOYSA-N 0.000 description 31
- 230000006870 function Effects 0.000 description 16
- 238000005516 engineering process Methods 0.000 description 7
- 230000004044 response Effects 0.000 description 6
- 230000008520 organization Effects 0.000 description 5
- 230000001960 triggered effect Effects 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 230000000903 blocking effect Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000018109 developmental process Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000010200 validation analysis Methods 0.000 description 2
- 230000003213 activating effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000009432 framing Methods 0.000 description 1
- 230000001939 inductive effect Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B5/00—Near-field transmission systems, e.g. inductive or capacitive transmission systems
- H04B5/70—Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes
- H04B5/72—Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes for local intradevice communication
-
- H04B5/0031—
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B5/00—Near-field transmission systems, e.g. inductive or capacitive transmission systems
- H04B5/20—Near-field transmission systems, e.g. inductive or capacitive transmission systems characterised by the transmission technique; characterised by the transmission medium
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/30—Security of mobile devices; Security of mobile applications
- H04W12/35—Protecting application or service provisioning, e.g. securing SIM application provisioning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B5/00—Near-field transmission systems, e.g. inductive or capacitive transmission systems
- H04B5/70—Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
-
- H04W4/001—
-
- H04W4/008—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/50—Service provisioning or reconfiguring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Definitions
- the present invention relates to the installation and execution of a secure application in a portable device of the type mobile phone or the like.
- the present invention also relates, but not exclusively, to the NFC technology (Near Field Communication) as well as to architectures of NFC devices or “NFC chipset”, i.e. chipsets comprising at least one NFC component.
- NFC technology Near Field Communication
- NFC chipset i.e. chipsets comprising at least one NFC component.
- the NFC technology is currently developed by an industrial consortium gathered under the name of NFC Forum (http://www.nfc-forum.org).
- the NFC technology derives from the RFID technology (Radio Frequency Identification) and uses NFC controllers having several operating modes, in particular a Reader Mode, a Card Emulation Mode and a Peer-to-Peer Mode.
- NFC controller into handheld objects of the type mobile phone or the like (for example Personal Digital Assistants PDA having a mobile phone function).
- the aim of this integration is in particular to provide such handheld objects with a payment or access control application (metro, bus, etc.), and with other NFC technology applications such as tag or contactless electronic card reading.
- FIG. 1 shows a NFC device of the type Handheld Device HD such as a mobile phone, a PDA (Personal Digital Assistant) etc.
- the device HD comprises a NFC controller referred to as NFCC and at least one host processor HP 1 , HP 2 connected to controller NFCC through a bus BS 1 , for example of SWP type (“Single Wire Protocol”).
- a host processor HP 2 may be a Universal Integrated Circuit Card UICC, for example of the type SIM card (Subscriber Identity Module).
- a host processor HP 1 may also be the baseband processor of a mobile phone (i.e. the processor managing phone calls).
- host processor HP 1 may be connected to controller NFCC by means of an asynchronous link BS 2 managed by UART ports (“Universal Asynchronous Receiver Transmitter”). If desired, processor HP 2 may also be directly connected to processor HP 1 through a bus BS 3 of the type ISO 7816.
- Controller NFCC comprises a host controller HC and a Contactless Front End Interface CLF provided with an antenna coil AC 1 .
- the host controller HC and the interface CLF may be made on a same semiconductor chip, like the MicroRead® chip commercialized by the applicant, or be formed by two different chips, like the chips “PicoRead® Microcontroller” and “Pico Read® RF Interface” commercialized by the applicant.
- the interface CLF of controller NFCC may generally operate according to several RF technologies, for example of “Type A” such as defined by ISO/IEC 14443 parts 2, 3 and 4, of “Type B” such as defined by ISO/IEC 14443-2 with a standard framing such as defined by ISO/IEC 14443-3, and of “Type F” such as defined by ISO 18092 as passive mode at 212 and 424 kb/s (kilobytes per second) or by the Japanese industrial standard JIS X 6319-4.
- “Type A” such as defined by ISO/IEC 14443 parts 2, 3 and 4
- “Type B” such as defined by ISO/IEC 14443-2 with a standard framing such as defined by ISO/IEC 14443-3
- “Type F” such as defined by ISO 18092 as passive mode at 212 and 424 kb/s (kilobytes per second) or by the Japanese industrial standard JIS X 6319-4.
- Each RF technology, or contactless communication protocol defines a transmit frequency of the magnetic field, a modulation method of the magnetic field to transmit data in active mode, a load modulation method to transmit data in passive mode, a data coding method, a data frame format, etc.
- FIG. 2 represents a handheld device HD provided with the NFC device of FIG. 1 , the device HD here being a mobile phone.
- reader applications RAP and card applications CAP There are reader applications RAP and card applications CAP.
- Controller NFCC operates like an NFC reader to perform a transaction with a Contactless Integrated Circuit CIC.
- a reader application RAP, RAPi is executed by host processor HP 1 (Cf. FIG. 1 ).
- the latter places interface CLF in an active operating mode where it emits a magnetic field FLD, sends data by modulating the magnetic field and receives data by load modulation and inductive coupling.
- This type of application may be free (for example reading an electronic tag in a bus shelter containing the bus schedule) and may be executed by a non secure processor.
- Host processor HP 1 may in this case be the baseband processor of the mobile phone. If it is a paying application, the host processor executing the application is preferably a secure processor, for example a SIM card processor, because the service access requires an identification/authentication of the subscriber.
- controller NFCC does not emit any magnetic field, receives data by demodulating a magnetic field FLD emitted by reader RD and sends data by modulating the impedance of its antenna circuit AC 1 (load modulation).
- the concerned applications are usually applications of payment or paying access control (payment machines, metro entrances, etc.).
- the handheld device HD is therefore used in this case like a chip card.
- This type of application is most often secure and host processor HP 1 , HP 2 which executes the application program is then a secure processor, for example a processor of SIM card, comprising encryption functions for the user authentication and/or the authentication of the handheld device in relation to a transaction terminal.
- the secure processor (SIM card) is usually given to a final user by a mobile network operator, after receiving security information such as identifiers, secret keys and certificates linked to the user.
- the handheld device may be given to the final user by the mobile network operator or another entity.
- the application is performed by a software developer. If it involves payment transactions, the application is certified by a certification organization linked to a banking organization.
- a software component of an application is securely installed in the secure host processor and customized with identification data of the user and the handheld device and encryption keys specific to the application and user.
- the user is also securely referenced to a banking organization.
- a payment transaction involves a payment terminal which is produced by another manufacturer, and which must also be certified by a certification organization.
- the user of the payment terminal, a retailer must also be referenced securely to a banking organization.
- Mobile network operators are generally reluctant to make the SIM card security functions and data available to others such as secure application providers or card payment services. The result is that installing an application requiring a user authentication in a handheld device raises numerous issues. These issues appear each time an application must be installed in particular in a secure processor of the handheld device, and in particular when a user changes his/her handheld device (mobile phone) and must reinstall the applications previously installed in an old handheld device.
- NFC applications may therefore be desired to make an architecture for deploying NFC applications, which does not require mobile network operators to be involved, while offering if necessary a security level complying with payment and paying access control services. It may also be desired that this architecture does not require the implementation of a trusted centralized server to guarantee the management (emission, control, cancellation) of secret data allocated to each mobile phone for each application. It may also be desired that each NFC application installed in a handheld device is not attached to a particular handheld device, but may be easily activated in another handheld device. It may also be desired that the provider of an application may easily allow the user to access the application, by minimizing his/her involvement, and without involving the mobile network operator or other entities. It may also be desired to guarantee the user anonymity when s/he executes an NFC application, and in particular to avoid a third person to establish a link between an NFC device and the identity of the NFC device user.
- Embodiments may relate to a method for executing an application in an NFC device, the method comprising steps during which: a contactless link is established between a first NFC device and a second NFC device, the first NFC device transmits through the contactless link an identifier memorized by the first NFC device to the second NFC device, the second NFC device transmits through the contactless link an application identifier to the first NFC device, the second NFC device transmits to an application server the identifier memorized by the first NFC device and the application identifier, the application server transmits to an authentication server the identifier memorized by the first NFC device and the application identifier, the authentication server verifies from the identifier memorized by the first NFC device that the first NFC device is authorized to execute the application identified by the application identifier, and if the first NFC device is authorized to execute the application, the authentication server authorizes the execution of the application by transmitting to the application server an identifier of a user of the first NFC device,
- the identifier memorized by the first NFC device is periodically modified by the authentication server which keeps up to date a link between the user identifier and the identifier memorized by the first NFC device.
- the identifier of the first NFC device identifies a secure processor of the first NFC device
- the secure processor transmits through the contactless link first authentication data allowing the secure processor of the first NFC device to be authenticated
- the second NFC device transmits to the application server the first authentication data
- the application server transmits to the authentication server the first authentication data and second authentication data allowing the application corresponding to the application identifier to be authenticated
- the authentication server verifies the authentication data, the two NFC devices to being authorized to execute the application only if the secure processor and the application are authenticated.
- the first NFC device transmits to the authentication server an application installation request comprising the application identifier of an application to be installed, and the first is authentication data allowing the secure processor of the first NFC device to be authenticated, the authentication server verifies the first authentication data, and if the secure processor is authenticated, transmits to the first NFC device an address for downloading the application, and the first NFC device downloads the application from the received download address and installs the downloaded application.
- the first NFC device informs the authentication server of the application installation by supplying thereto the identifier of the installed application and the first authentication data, and the authentication server verifies the first authentication data, and if the secure processor is authenticated, the authentication server memorizes the application identifier in association with the secure processor identifier of the first NFC device.
- the authentication server does not transmit to the first NFC device an address for downloading the application if the application identifier is already memorized in association with the secure processor identifier of the first NFC device.
- the authentication server does not authorize the execution of the application by the two NFC devices if the application identifier is not memorized in association with the secure processor identifier of the first NFC device.
- the first authentication data comprise the secure processor identifier and a first cryptogram calculated by the secure processor by applying to the secure processor identifier an encryption calculation using a secret key memorized by the secure processor.
- the second authentication data comprise the secure processor identifier, the application identifier and a second cryptogram calculated by the application server by applying an encryption calculation to the application identifier, using a secret key specific to the application.
- the second cryptogram is calculated by applying the encryption calculation to the application identifier, and to the first cryptogram.
- the first and/or second cryptograms are calculated using a symmetric encryption algorithm using a secret key, or an is asymmetric encryption algorithm using a private key, or a hashing function applied to the data to be ciphered and the secret key.
- verifying each of the first and second cryptograms is performed by recalculating the cryptogram from the same data and by using an encryption key accessible to the authentication server.
- Embodiments may also relate to a system for executing a secure application in an NFC device, comprising: a first NFC device comprising an NFC component for establishing a contactless communication with another NFC device, and a secure processor connected to the NFC component, a second NFC device connected to an application server to execute an application with another NFC device, the system comprising an authentication server accessible to the application server and to the first NFC device, the system being configured to execute the method as previously defined.
- Embodiments may also relate to a set of a secure processor coupled to an NFC component configured to establish a contactless communication with an NFC device, the secure processor comprises a software component associated with an secure processor identifier, configured to: establish a contactless communication with an NFC device through the NFC controller, and transmit the identifier through the contactless link, receive through the contactless link an application identifier, and transmit through the contactless link authentication data of the software component.
- the secure processor comprises a software component associated with an secure processor identifier, configured to: establish a contactless communication with an NFC device through the NFC controller, and transmit the identifier through the contactless link, receive through the contactless link an application identifier, and transmit through the contactless link authentication data of the software component.
- the software component is configured to verify if the received application identifier is in a list of applications memorized by the secure processor or not.
- the authentication data comprise the secure processor identifier and a first cryptogram calculated by the secure processor by applying to the secure processor identifier, an encryption calculation using a secret key memorized by the secure processor.
- the first cryptogram is calculated by the secure processor using a symmetric encryption algorithm using a secret key, or an asymmetric encryption algorithm using a private key, or a hash function applied to the data to be ciphered and to the secret key.
- FIG. 1 previously described schematically shows the architecture of a conventional NFC device
- FIG. 2 previously described schematically shows examples of applications implemented in the NFC device
- FIG. 3 schematically shows the architecture of an NFC application deployment system
- FIGS. 4A to 4D show tables of one or more data bases used by the deployment system
- FIG. 5 shows steps for activating a transaction implying the execution of an application, between a secure host processor of the NFC device and a NFC reader, according to one embodiment
- FIG. 6 shows steps for installing and executing an application in a NFC device, according to one embodiment
- FIG. 7 shows steps of a procedure for authorizing a transaction triggered by an NFC interaction device during the execution of an application, according to one embodiment.
- FIG. 3 shows the architecture of an NFC application deployment system.
- the application deployment system comprises a plurality of handheld NFC devices HD 1 and interaction devices POI with which devices HD 1 may establish a NFC contactless communication.
- Devices POI may be NFC contactless readers or NFC contactless integrated circuits.
- Devices POI are each connected or connectable to an application server ASRV allowing a transaction to be executed as part of an application, with a device HD 1 connected to device POI.
- Device POI comprises an antenna AC 2 to establish contactless NFC communications with an NFC device.
- Device POI may be connected to server ASRV either directly, or through one or more data transmission networks.
- Device HD 1 comprises host processors HP 1 , SE and an NFC component referred to as NFCC.
- Processor HP 1 is for example a baseband processor of mobile phone, and host processor SE is a secure processor.
- Component NFCC comprises a host controller HC connected to processors HP 1 and SE and an NFC interface circuit referred to as CLF connected to an antenna circuit AC 1 .
- Processor HP 1 comprises a MOS operating system and can execute one or more applications APP installed in a memory of processor HP 1 (or accessible to processor HP 1 ).
- Processor SE may be the is processor of a SIM card or a different processor having at least the same level of security.
- the MOS operating system comprises driver software ONS allowing processor HP 1 to access some functions of processor SE through controller NFCC and to receive notifications emitted by processor SE.
- Processor HP 1 also comprises an application database ARB comprising secure application references APP installed in the memory of processor HP 1 .
- Processor SE comprises an application software component called “NAPP applet”, an identifier of processor SE and an identifier of component NAPP, encryption keys KY, a list PAB of identifiers of secure applications installed in device HD 1 , and configuration data of device HD 1 (type of device, name and version of the MOS operating system, etc.).
- the secure applications APP may be payment, access control applications, and more generally, applications requiring an authentication.
- the software component NAPP may also memorize configuration information CFG of device HD 1 , the information comprising in particular a type of device and a version number of the MOS operating system.
- the MOS operating system also comprises a secure application control software NMNG communicating with software component NAPP through driver ONS and controller NFCC.
- Software NMNG is configured to collect configuration information of device HD 1 , and transmit them to processor SE.
- Software NMNG is linked in a unique way to software component NAPP so as to mask the presence of the software component to the other applications installed in processor HP 1 . Thus, only software NMNG is notified when software component NAPP is called through a contactless link established by controller NFCC, to execute a secure application.
- Software NMNG also performs a function for managing the preferences of the user of device HD 1 .
- the application deployment system comprises a database server HSRV giving access to one or more databases IDDB, UPDB, ARDB, KYDB.
- Software NMNG also performs a function of interface between server HSRV and software component NAPP.
- Server HSRV manages identifiers of software components NAPP installed in the processors SE of devices HD 1 , identifiers of application providers, and supplies authentication services.
- the processor SE of each device HD 1 receives unique identifiers SEID and NID of processor SE and software component NAPP, symmetric encryption secret keys and/or asymmetric encryption public and private keys associated to a certificate.
- Server HSRV performs functions of registering and removing users, processors SE, software components NAPP, application providers and applications. Each application is therefore identified by a unique application identifier.
- database IDDB is configured to establish a correspondence between identifiers SEID, NID of processor SE and of software component NAPP of each processor SE commissioned in a device HD 1 .
- the base IDDB also establishes a correspondence between identifier NID and a key index KIX for accessing the associated encryption keys, memorized by processor SE.
- Database IDDB is therefore completed each time a processor SE is commissioned in a device HD 1 .
- the database IDDB also comprises a look-up table between identifiers of software components NID installed in a processor SE and application identifiers ARef, this table therefore indicates if an application having as identifier ARef is installed in a device HD 1 whose software component NAPP corresponds to identifier NID.
- Base IDDB is therefore also updated each time an application is installed in or erased from a device HD 1 .
- database UPDB is configured to establish a correspondence between an identifier NID allocated to software component NAPP and a user identifier UID having processor SE installed in device HD 1 , as well as a correspondence between identifier UID and an index PRFX referencing profile information UPRF relating to the user of device HD 1 .
- a user identifier UID may be associated in table UPDB to several identifiers NID of software components NAPP installed in a processor SE.
- Database UPDB is completed during the installation of a first application in a device HD 1 , and updated each time the profile information of a user is modified.
- database ARDB is configured to establish a correspondence between application provider identifiers PVID and application identifiers APID for a type of device HD 1 , a correspondence between each identifier PVID and an encryption key index KIX allowing encryption keys KIX specific to the application provider to be accessed.
- Base ARDB also establishes a correspondence between each application identifier APID and a reference DRF of type of device HD 1 in which the application may be installed and executed, and between each reference DRF and a URL address for downloading the application corresponding to identifier APID.
- Each identifier APID thus allows each application instance adapted to a type of device HD 1 to be identified and an address for downloading the application instance to be accessed.
- Base ARDB is updated each time a new application provided for a type of device HD 1 is saved.
- database KYDB is configured to establish a correspondence between each key index (of processor SE or application provider) and encryption keys.
- the access to database KYDB may be protected by a specific server configured to receive key indexes KIX and data to be ciphered or deciphered and to supply in response cryptograms resulting from the ciphering or deciphering of the data supplied by means of the keys referenced by the supplied key index KIX.
- Base KYDB is therefore modified each time a new processor SE is commissioned and each time a new application for a type of device HD 1 is saved.
- each identifier NID allocated to each user in base UPDB is modified from time to time, for example periodically, by server HSRV.
- Server HSRV also performs the modification in base IDDB and provides the concerned device HD 1 with the new identifier NID to be used, for example in a message indicating the old and new identifier NID.
- Each device HD 1 s configured to receive and process such a message by transmitting the old and new identifier NID to processor SE.
- Processor SE is configured to memorize the new identifier NID instead of the old one only if the old identifier received corresponds to that memorized by processor SE.
- Processor SE sends to server HSRV through device HD 1 an update report message indicating if the update of identifier NID has been performed or not.
- Server HSRV may repeat the operation until the update is performed by processor SE.
- bases UPDB and IDDB are updated only when processor SE has sent to server HSRV a report message indicating it has performed the update.
- FIG. 5 shows a sequence of steps S 1 to S 13 triggered when a device HD 1 is placed in contactless communication with a device POI. This sequence is executed by software component NAPP installed in processor SE of device HD 1 put in communication with device POI through controller is NFFCC, by contactless reader software NPRT installed in device POI and by management software NMNG of processor HP 1 .
- step S 1 software NPRT sends, if need be, a message for selection a payment application PPSE (Proximity Payment System Environment) to controller NFCC. Controller NFCC forwards message PPSE to processor SE.
- processor SE answers to the selection message.
- step S 3 reader software NPRT sends to processor SE a message for selecting the software component NAPP installed in processor SE. Indeed, several other software components may be installed in processor SE.
- step S 4 software component NAPP answers to software NPRT by providing it with its identifier NID.
- device POI sends a transaction initialization message comprising information on the type of transaction TTyp, an application identifier APID, and transaction data.
- step S 6 software component NAPP verifies if identifier APID is in the list PAB of identifiers of applications installed in processor HP 1 or not.
- step S 7 software component NAPP answers to the initialization message by indicating if application ARID is installed in processor HP 1 or not.
- device POI executes step S 9 where it emits a read order.
- step S 8 software component NAPP launches an encryption calculation to obtain a cryptogram ED 1 .
- step S 10 cryptogram ED 1 , as well as standard payment transaction data DATA 1 if the application requested is installed. It is to be noted that steps S 1 to S 9 comply with the card payment standard EMV (Europay, MasterCard and Visa).
- software component NAPP emits an alert toward management software NMNG installed in processor HP 1 , to inform it has been called through controller NFCC.
- software NMNG transmits to software component NAPP a data request message.
- software component NAPP transmits in response to software NMNG the type of transaction TTyp received, application identifier APID, cryptogram ED 1 and state information STS.
- software NMNG launches the application in processor HP 1 or a procedure for installing this application if it is not installed.
- Cryptogram ED 1 is for example calculated by applying an encryption function such as a symmetric encryption function like AES (Advanced Encryption Standard) using a key memorized by processor SE, to identifier NID, application identifier APID, and possibly other data.
- Cryptogram ED 1 may also be calculated by means of a hash function such as SHA (Secure Hash Algorithm) or MD5 (Message Digest 5) applied to the same data, as well as to the key memorized by processor SE.
- Cryptogram ED 1 may also be calculated by an asymmetric encryption function using a private key memorized by processor SE, the corresponding public key being memorized in base KYDB. The other data used in the calculation of cryptogram ED 1 are transmitted with it to allow it to be verified after.
- FIG. 6 shows a sequence of steps S 31 to S 52 which may be executed at step S 13 by device HD 1 , and by servers HSRV and ASRV.
- software NMNG of processor HP 1 determines if the application having as identifier APID is installed in device HD 1 by consulting database ARB. If the application is already installed, processor HP 1 executes step S 48 where it may be provided to ask the user if s/he accepts to activate the application. If the user accepts to activate the application, the application is launched at step S 49 . If the application is not installed in device HD 1 , processor HP 1 executes step S 32 where it may be provided to ask the user if s/he wishes to install the application in device HD 1 .
- processor HP 1 emits a download validation request DLVal toward server HSRV, this request coming with the identifier of a software component NID, cryptogram ED 1 calculated at step S 7 , and application identifier APID to be downloaded.
- server HSRV receives this request and verifies cryptogram ED 1 by means of identifier NID and the information contained in databases IDDB, UPDB and KYDB, and verifies the existence of the application identifier in base ARDB.
- Server HSRV also verifies that the application has not already been installed in device HD 1 by verifying in base IDDB that identifier NID is not already linked to application identifier APID.
- Verifying the link between identifier NID and the application identifier may take into account that the application being installed is an update of an application previously installed in device HD 1 . In this case, the installation is authorized by server HSRV.
- server HSRV executes step S 36 where it determines a download URL address of the application by accessing base ARDB by means of identifier APID.
- server HSRV answers to request DLVal by supplying the result of the verifications performed at step S 34 . If these verifications are satisfying, server HSRV also transmits to processor HP 1 the URL download address of the application and possibly the application identifier APID.
- processor HP 1 receives the information from server HSRV, and if the download is authorized by server HSRV, downloads the application by accessing a server WSRV at the URL address received.
- processor HP 1 launches the installation of the application by executing the file downloaded at step S 39 .
- processor HP 1 asks processor SE through software component NAPP to introduce application identifier APID into the list of application identifiers PAB memorized by processor SE for each payment application.
- processor SE updates this list.
- processor HP 1 transmits to server HSRV a validation request for installing the application containing the identifier NID, cryptogram ED 1 and identifier APID of the application installed (step S 44 ).
- server HSRV verifies cryptogram ED 1 . If cryptogram ED 1 is correct (step S 46 ), server HSRV memorizes that identifier NID is linked to application identifier APID in base IDDB (step S 47 ).
- step S 48 if cryptogram ED 1 is correct, server HSRV transmits to processor HP 1 a message for authorizing the execution of the application installed.
- processor HP 1 updates database ARB by inserting therein identifier AP 1 D of the installed application, and launches the execution of the application.
- the application may access the server of application ASRV or an associated server (at step S 50 ), which may ask server HSRV user profile information UPRF memorized in base UPDB, on the basis of identifier NID, and ask the user if need be to complete the information, for example by displaying on a display screen of device HD 1 a form to fulfill.
- the form displayed may be already filled-in with information about the user, already in base UPDB.
- the profile information input by the user may be transmitted by processor HP 1 to a server linked to the application, like server ASRV or server WSRV, which forwards them to server HSRV to update database UPDB (step S 51 ).
- server ASRV may execute a conventional payment transaction by accessing a bank network on the basis of user identification information obtained from identifier NID in base UPDB.
- Procedures for blocking/unblocking an application and for uninstalling an application may be put at the disposal of the user. These procedures occur in a way analog to steps S 33 to S 37 , step S 33 being replaced by the emission of a corresponding block, unblock or uninstall request, and step S 36 being replaced by a step of executing the request.
- a block state indicator may be provided at each line of the table of base IDDB associating an application identifier APID to an identifier NID of software component NAPP. If it is an application block or unblock request, server HSRV may update the state indicator corresponding to the identifiers of application APID and software component NID received from processor HP 1 . This state indicator may be tested before processor HP 1 executes the application at step S 49 .
- server HSRV may suppress the line of this table associating the software component and application identifiers received from processor HP 1 .
- the application blocking/unblocking and uninstalling operations are performed only after server HSRV verifies cryptogram ED 1 supplied by processor HP 1 , and the existence of a link between identifiers NID and APID in base IDDB.
- Each element of list PAB memorized in processor SE may be associated to a priority number and a block indicator, accessible by a configuration command put at the disposal of the user through processor HP 1 . That way, if several payment applications saved in list PAD comply with identifier APID transmitted by device POI at step S 5 , the software component NAPP activates the non blocked payment application having the greatest priority number.
- FIG. 7 shows a sequence of steps S 61 to S 70 which may be triggered by device POI at launching and executing an application after steps S 9 and S 49 or a payment application launched by the application activated at step S 49 .
- This sequence of steps is executed by device POI, application server ASRV and server HSRV.
- device POI transmits to server ASRV a transaction request TTReq containing data regarding the application to AppData, the identifier of software component NID received at step S 4 , and cryptogram ED 1 received at step S 9 .
- server ASRV receives this request and launches an encryption calculation to obtain a cryptogram ED 2 , in particular from application identifier APID.
- server ASRV emits toward server HSRV an authentication request AuthReq containing the software component identifier NID, cryptograms ED 1 and ED 2 and the application identifier APID.
- server HSRV verifies the existence of identifier NID in database IDDB and verifies cryptogram ED 1 .
- server HSRV verifies the existence of application identifier APID in base ARDB, and verifies cryptogram ED 2 .
- server HSRV verifies in database IDDB that the application is linked to the identifier NID of processor SE of device HD 1 connected to device POI.
- server HSRV emits toward server ASRV an authentication response message AuthRep indicating the success or failure of the authentication, i.e. if cryptograms ED 1 , ED 2 received are authentic, and if the application having the identifier APID is actually linked to identifier NID of device HD 1 connected to device POI. If the authentication is a success, server HSRV also transmits if necessary, the user identifier UID to server ASRV to allow it to perform a transaction on the basis of the user identity.
- AuthRep the success or failure of the authentication
- server ASRV tests the authentication response message and if the authentication is a success, it executes steps S 69 and S 70 where it executes the transaction corresponding to the application and user, and it transmits to device POI a transaction response message TTRep to the request transmitted at step S 61
- Server ASRV may thus be sure of the authenticity of identifiers NID and APID.
- Cryptogram ED 2 may be calculated (at step 62 ) by applying the function used to calculate cryptogram ED 1 , to application identifier APID, and possibly to cryptogram ED 1 and other data such as a randomly generated number.
- the other data used in the calculation of cryptogram ED 2 , and in particular the random number are transmitted with cryptogram ED 2 to allow it to be verified by server HSRV.
- cryptograms are calculated by means of a symmetric encryption function or a hash function, using a secret key, cryptograms ED 1 , ED 2 may be verified by recalculating them by means of the same secret keys and the same data used for their first calculations.
- the secret data are memorized in base KYDB in association with identifiers NID, APID.
- the data possibly used for the calculation of cryptogram ED 1 may be found in base IDDB in association with identifier NID.
- the data possibly used for the calculation of cryptogram ED 2 may be found in base ARDB in association with identifier APID. If cryptograms ED 1 , ED 2 have been calculated by means of an asymmetric encryption algorithm, they may be verified by applying thereto the same encryption algorithm using public keys memorized in base KYDB, corresponding to the secret keys used for their calculations.
- user identifier UID is never transmitted or received by NFC device HD 1 , but only by the links between servers ASRV, HSRV which may be secured.
- the user anonymity may thus be protected, knowing identifier NID is insufficient to identify a user and that identifier SEID of processor SE is never transmitted during the execution of an application.
- authentication server HSRV may in reality be made by several servers connected between them.
- encryption key base KYDB may be accessible through a specific server.
- the data of each base IDDB, UPDB, ARDB and KYDB may also be distributed into several databases accessible through different servers.
- Secure processor SE is personalized once for all the NFC applications susceptible of being executed by processor HP 1 , by receiving component NAPP associated to a unique identifier NID and one or more associated secret keys. Since only one software component NAPP may be installed in processor SE, identifier NID may be used to identify processor SE. The installation of component NAPP in processor SE does not prevent the installation or execution of other software components in processor SE. As the link between an application and device HD 1 of a user is established outside device HD 1 , i.e.
- controller NFCC is connected to processor HP 1 .
- controller NFCC and secure processor SE may be integrated into a chip associated to a mobile phone by any mechanical means (sticker, mobile phone cover).
- transmitting the data necessary for the execution of an application by processor HP 1 may be transmitted to processor HP 1 through server ASRV connected to device POI.
- the application in processor HP 1 may also be manually launched by the user.
- NFC device HD 1 may thus be supplied to a user with a certain number of applications already installed in processor HP 1 .
- device HD 1 may establish a contactless link with an external NFC device (POI) in card mode, or in reader mode, or in “peer-to-peer” mode.
- POI NFC device
- the execution of the sequence of steps of FIG. 6 is not necessary performed in a synchronous way. Indeed, in particular in the case where device POI is a contactless integrated circuit, steps S 61 and S 70 may be performed in delay time when device POI may establish a communication with application server ASRV.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Radar, Positioning & Navigation (AREA)
- Multimedia (AREA)
- Remote Sensing (AREA)
- Technology Law (AREA)
- Entrepreneurship & Innovation (AREA)
- Operations Research (AREA)
- Quality & Reliability (AREA)
- Marketing (AREA)
- Tourism & Hospitality (AREA)
- Human Resources & Organizations (AREA)
- Economics (AREA)
- Finance (AREA)
- Mobile Radio Communication Systems (AREA)
- Stored Programmes (AREA)
- Telephone Function (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Description
Claims (29)
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1250051 | 2012-01-03 | ||
FR1250051A FR2985343B1 (en) | 2012-01-03 | 2012-01-03 | METHOD FOR EXECUTING AN APPLICATION IN AN NFC DEVICE |
PCT/FR2012/052289 WO2013102708A1 (en) | 2012-01-03 | 2012-10-09 | Method for executing an application in an nfc device |
Publications (2)
Publication Number | Publication Date |
---|---|
US20140364058A1 US20140364058A1 (en) | 2014-12-11 |
US9432086B2 true US9432086B2 (en) | 2016-08-30 |
Family
ID=47143159
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/369,550 Active US9432086B2 (en) | 2012-01-03 | 2012-10-09 | Method and system for authorizing execution of an application in an NFC device |
Country Status (5)
Country | Link |
---|---|
US (1) | US9432086B2 (en) |
EP (1) | EP2801052B1 (en) |
CN (1) | CN104040553B (en) |
FR (1) | FR2985343B1 (en) |
WO (1) | WO2013102708A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10404718B2 (en) * | 2015-12-17 | 2019-09-03 | Robert Bosch Gmbh | Method and device for transmitting software |
Families Citing this family (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9722791B2 (en) * | 2014-05-14 | 2017-08-01 | Inferspect, Llc | Three-tiered security and computational architecture |
CN105722005B (en) * | 2014-12-04 | 2019-05-10 | 中国移动通信集团公司 | A kind of near field communication method and device |
US10334431B2 (en) * | 2014-12-23 | 2019-06-25 | Intel Corporation | Near field communications (NFC)-based offload of NFC operation |
US9400888B1 (en) * | 2015-02-27 | 2016-07-26 | Qualcomm Incorporated | Systems and methods for mitigating effects of an unresponsive secure element during link establishment |
DE102015004319B4 (en) * | 2015-04-01 | 2024-07-11 | Giesecke+Devrient Mobile Security Germany Gmbh | Procedure for supporting an installation of an application |
FR3040226B1 (en) * | 2015-08-17 | 2018-06-08 | Stmicroelectronics (Rousset) Sas | NFC DEVICE HAVING MULTIPLE SECURE ELEMENTS |
KR102453705B1 (en) * | 2015-09-25 | 2022-10-11 | 삼성전자주식회사 | Operation Method of Payment Device for Selectively Enabling Payment Function According to Validity of Host |
CN105243320A (en) * | 2015-10-26 | 2016-01-13 | 上海易码信息科技有限公司 | Authentication method of cloud service platform on mobile application program |
EP3185194A1 (en) * | 2015-12-24 | 2017-06-28 | Gemalto Sa | Method and system for enhancing the security of a transaction |
US11290425B2 (en) * | 2016-02-01 | 2022-03-29 | Airwatch Llc | Configuring network security based on device management characteristics |
US20180018692A1 (en) * | 2016-07-13 | 2018-01-18 | Michael R. Loeb | System and method for acquiring users |
US11070647B1 (en) * | 2017-03-14 | 2021-07-20 | Parallels International Gmbh | Seamless cross-platform synchronization of user activities and application data between mobile and desktop devices |
US10104525B1 (en) * | 2017-07-24 | 2018-10-16 | GM Global Technology Operations LLC | NFC-enabled systems, methods and devices for wireless vehicle communication |
US10581611B1 (en) * | 2018-10-02 | 2020-03-03 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
WO2020072694A1 (en) | 2018-10-02 | 2020-04-09 | Capital One Services, Llc | Systems and methods for cryptographic authentication of contactless cards |
CN110210187A (en) * | 2019-04-24 | 2019-09-06 | 西安中力科技有限公司 | Have and prevents counterfeit APP weight discriminating method |
KR20210052620A (en) * | 2019-10-29 | 2021-05-11 | 삼성전자주식회사 | User device using nfc, authentication system and operation method thereof |
FR3130489B1 (en) * | 2021-12-14 | 2024-08-30 | St Microelectronics Rousset | NFC transaction |
FR3130491B1 (en) * | 2021-12-14 | 2024-08-30 | St Microelectronics Rousset | NFC transaction |
FR3130492B1 (en) * | 2021-12-14 | 2024-08-30 | St Microelectronics Rousset | NFC transaction |
FR3130490B1 (en) * | 2021-12-14 | 2024-08-30 | St Microelectronics Rousset | NFC transaction |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002033644A1 (en) | 2000-10-16 | 2002-04-25 | Inside Technologies | Contact-free integrated circuit reader |
US20070198834A1 (en) * | 2003-11-27 | 2007-08-23 | Rached Ksontini | Method For The Authentication Of Applications |
US20090247077A1 (en) * | 2008-03-27 | 2009-10-01 | Vladimir Sklovsky | Method and Apparatus for Automatic Near Field Communication Application Selection in an Electronic Device |
US20100058463A1 (en) | 2008-08-28 | 2010-03-04 | Oberthur Technologies | Method of exchanging data between two electronic entities |
US20120149302A1 (en) * | 2010-12-08 | 2012-06-14 | Felica Networks, Inc. | Information processing apparatus, information processing method, program, and information processing system |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005276184A (en) * | 2004-03-25 | 2005-10-06 | Internatl Business Mach Corp <Ibm> | Wireless service purchase system |
FR2922701B1 (en) * | 2007-10-23 | 2009-11-20 | Inside Contacless | SECURE CUSTOMIZATION METHOD OF AN NFC CHIPSET |
FR2962571B1 (en) * | 2010-07-08 | 2012-08-17 | Inside Contactless | METHOD FOR PERFORMING A SECURE APPLICATION IN AN NFC DEVICE |
-
2012
- 2012-01-03 FR FR1250051A patent/FR2985343B1/en not_active Expired - Fee Related
- 2012-10-09 CN CN201280066030.1A patent/CN104040553B/en not_active Expired - Fee Related
- 2012-10-09 EP EP12781378.0A patent/EP2801052B1/en not_active Not-in-force
- 2012-10-09 WO PCT/FR2012/052289 patent/WO2013102708A1/en active Application Filing
- 2012-10-09 US US14/369,550 patent/US9432086B2/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002033644A1 (en) | 2000-10-16 | 2002-04-25 | Inside Technologies | Contact-free integrated circuit reader |
US7098770B2 (en) | 2000-10-16 | 2006-08-29 | Inside Technologies | Contactless integrated circuit reader |
US20070198834A1 (en) * | 2003-11-27 | 2007-08-23 | Rached Ksontini | Method For The Authentication Of Applications |
US20090247077A1 (en) * | 2008-03-27 | 2009-10-01 | Vladimir Sklovsky | Method and Apparatus for Automatic Near Field Communication Application Selection in an Electronic Device |
US20100058463A1 (en) | 2008-08-28 | 2010-03-04 | Oberthur Technologies | Method of exchanging data between two electronic entities |
FR2935510A1 (en) | 2008-08-28 | 2010-03-05 | Oberthur Technologies | METHOD OF EXCHANGING DATA BETWEEN TWO ELECTRONIC ENTITIES |
US20120149302A1 (en) * | 2010-12-08 | 2012-06-14 | Felica Networks, Inc. | Information processing apparatus, information processing method, program, and information processing system |
Non-Patent Citations (2)
Title |
---|
Dec. 12, 2012 International Search Report issued in International Application No. PCT/FR2012/052289. |
International Preliminary Report on Patentability issued in International Patent Application No. PCT/FR2012/052289 completed on Jun. 5, 2014. |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10404718B2 (en) * | 2015-12-17 | 2019-09-03 | Robert Bosch Gmbh | Method and device for transmitting software |
Also Published As
Publication number | Publication date |
---|---|
EP2801052A1 (en) | 2014-11-12 |
FR2985343A1 (en) | 2013-07-05 |
US20140364058A1 (en) | 2014-12-11 |
FR2985343B1 (en) | 2014-01-03 |
WO2013102708A1 (en) | 2013-07-11 |
EP2801052B1 (en) | 2019-03-27 |
CN104040553B (en) | 2017-05-31 |
CN104040553A (en) | 2014-09-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9432086B2 (en) | Method and system for authorizing execution of an application in an NFC device | |
US8850527B2 (en) | Method of performing a secure application in an NFC device | |
FI125071B (en) | Payment system | |
KR100978053B1 (en) | Method and apparatus for initializing a secure element in a wireless terminal | |
CN101088249B (en) | Method for securing a telecommunications terminal which is connected to a terminal user identification module | |
US20190087814A1 (en) | Method for securing a payment token | |
US8751811B2 (en) | Integrated circuit and system for installing computer code thereon | |
CN108848496A (en) | Authentication method, TEE terminal and the management platform of virtual eSIM card based on TEE | |
WO2003027800A2 (en) | Method and apparatus for secure mobile transaction | |
CN105160776B (en) | City one-card card, business platform, card operation system and implementation method | |
CN109451483B (en) | eSIM data processing method, equipment and readable storage medium | |
WO2012152979A1 (en) | Determination of apparatus configuration and programming data | |
US20070009101A1 (en) | Method for allocating secured resources in a security module | |
EP3446274A1 (en) | Method and device for authorizing mobile transactions | |
Kasper et al. | Rights management with NFC smartphones and electronic ID cards: A proof of concept for modern car sharing | |
KR20160105962A (en) | Method for Operating OTP by Multiple Code Creation Mode |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: INSIDE SECURE, FRANCE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CHEW, GARY;REEL/FRAME:033200/0149 Effective date: 20140624 |
|
AS | Assignment |
Owner name: INSIDE SECURE, FRANCE Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNEE'S ADDRESS PREVIOUSLY RECORDED AT REEL: 033200 FRAME: 0149. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:CHEW, GARY;REEL/FRAME:033296/0418 Effective date: 20140624 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: VERIMATRIX, FRANCE Free format text: CHANGE OF NAME;ASSIGNOR:INSIDE SECURE;REEL/FRAME:050647/0428 Effective date: 20190624 |
|
AS | Assignment |
Owner name: VERIMATRIX, FRANCE Free format text: CHANGE OF ADDRESS;ASSIGNOR:VERIMATRIX;REEL/FRAME:050733/0003 Effective date: 20190930 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 4 |
|
FEPP | Fee payment procedure |
Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |